Facebook's new Group settings let any friend add you to any group without your permission. Could they possibly be more stupid?

ITworld|October 9, 2010

I spent the past three days largely unmolested by radio waves -- in the mountains, far from any cell tower, with the barest minimum connection to the wired world. It was nice.

When I returned, I discovered I'd joined a couple of Facebook Groups I'd never heard of before, and had message notifications from total strangers.

Yes, it's time for more Facebook privacy hijinks. But this wasn't the work of malware or some account hijacker. This was Facebook in its all of its dubious wisdom taking yet more liberties with people's accounts in the name of "social sharing."

Last Thursday Facebook unveiled a new Groups scheme that provides more proof Facebook still doesn't understand the basic fundamentals of user privacy (or more likely, openly disdains them), and will never will.

Here's how Groups now work. Let's say you want to set up a group discussing the various and sundry ways to torture small animals. Simply click "Create Group," create a title, start typing the names of friends you want to be in the group, and decide whether you want the group to be open (accessible by anyone on Facebook), closed (accessible only to those asked to join, but visible to everyone on Facebook -- the default setting), or secret (known only to you and its members). Click "Create." That's it.

Now every friend you've added is automatically a member of the group -- without any action on his or her part. Depending on the group setting, membership in the group may be announced on the member's wall. And he or she can add his/her friends to the group in the same manner. In other words, you're not invited to join, you've joined -- and it's up to you to unjoin if you don't like it.

Facebook does inform you that you're a member of this group the next time you log on. And of course, you can click "Leave Group" and never be added back against your will. (Assuming you check into Facebook on a regular basis and don't miss the notification.) But the basic principle of control over your personal profile has been completely violated.

Yet for some reason Facebook decided it would throw too much sand into the gears of social sharing to turn the "you've just joined" notification into a "would you like to join?" invitation. Stupid, stupid, stupid.

Being listed as a person who tortures puppies or gets a bit too excited at Boy Scout Jamborees is bad enough. It could easily get far worse, as Sophos security wonk Chet Wisniewski points out:

This could be abused in a very nasty way. Imagine you are traveling to the United States from overseas and your friends find it amusing to add you to a group that looks terrorist related. You might find a welcoming committee from the border patrol that you weren't expecting.

From a privacy perspective, this Groups grope is not the worst thing Facebook's has done. But after all the criticism Facebook has justifiably received this year for playing fast and loose with its members' information, it's mind blowing to me that they'd blithely take this step without considering the consequences. They really just don't care.

More and more, I'm thinking the caricature of Mark Zuckerberg presented in The Social Network -- as a hopeless/ruthless geek with no social skills and a complete inability to empathize with other humans -- is actually accurate.